We made Galaxy more lively and responsive. Homepage, published workflows, published/saved histories, and data libraries should all load much faster now. Importing data from FTP will also take less of your time.
We achieved this by optimizing database queries, implementing cache, rethinking presentation, and adding progress bars and loading indicators where needed. See the list of related performance pull requests.

Web Server and Configuration

The default web server used by Galaxy has changed from Paste to uWSGI and the default configuration file for Galaxy is now config/galaxy.yml instead of config/galaxy.ini.
To minimize the impact of this change on existing Galaxy instances, if a Galaxy has a galaxy.ini file configured, it will continue to use Paste by default unless additional steps are taken by the administrator.
uWSGI is more production ready and allows Galaxy to scale better in its default configuration. Read more about the server, configuration, and documentation changes in the uWSGI details section of this document.

Dataset Collection Usability

This release has significantly improved the usability of Galaxy dataset collections. Dozens of improvements
to collections have been made, some of the key highlights include:

More robust nametag discovery and propagation when using collections. Pull Request 5403

Client Architecture

The architecture for the client code that powers the Galaxy user interface has been significantly
overhauled. The code base has been converted to ES6,
Yarn now powers the build and dependency management of the code,
Prettier is now used to ensure consistent code formatting,
and the VueJS framework has been integrated. Taken together, these changes are
enabling Galaxy developers to write usable, responsive client code more quickly and concisely than
previously possible. A big thanks goes out to community contributions from
@anuprulez and @anatskiy that are
already converting existing Galaxy components to reactive VueJS ones. See the list of related client pull requests.

New BAM datatypes

Previously Galaxy only supported coordinate sorted BAM files by default (the bam datatype). In addition, this
release of Galaxy now supports three new types of BAM:

qname_sorted.bam, that ensures that the file is queryname sorted (e.g. SO:queryname);

qname_input_sorted.bam, that can be used to describe the output of aligners which generally keep mate pairs adjacent

unsorted.bam, that makes no assumptions about the sort order of the file.

Galaxy can now be configured to allow users the option of skipping duplicated jobs if one with
identical parameters has been previously executed and simply reuse the previously generated outputs.
This contribution is thanks to @mvdbeek.

We have found and fixed a medium-level security issue concering the GenomeSpace importer/exporter tools that were updated in the Galaxy release 17.09. These tools did not handle the GenomeSpace access token securely and stored it as a job parameter which made it accessible to anybody with access to the datasets created by these tools.
This means that any user that used a GenomeSpace token to access these tools and subsequently shared the output dataset (or history that contains it) with another user shared their GenomeSpace token also.

These tools are both included in the tool_conf.xml.sample and are therefore enabled on every new Galaxy by default.

Administrators please see the GenomeSpace security sanitization section of this document for the details on how to sanitize the tokens stored in the Galaxy database created prior to this fix.

The vulnerability has been resolved by removing the token functionality until a proper implementation is in place. The GenomeSpace tools continue to work using the OpenID authentication as before.

The fix for this issue has been applied back to Galaxy release 17.09 and can be found in this pull request.

Galaxy can be forced to start under uWSGI even with an older configuration file
by setting APP_WEBSERVER=uwsgi in the environment. As part of the transition to YAML-based
configuration files, we have implemented a schema to validate Galaxy configuration files. Run
makeconfig-validate from Galaxy’s root directory to validate a schema and makeconfig-lint to
check for best practices. While there is no need to convert your configuration file (galaxy.ini hasn’t
been deprecated), you can run makeconfig-convert-dry-run and makeconfig-convert
to respectively test and perform the conversion of an ini configuration file to a YAML one.

In the future uWSGI will allow Galaxy to setup GIE proxies without additional configuration and use modern web technologies such as web sockets.

These are big changes that affect many parts of Galaxy’s administration documentation and makes
this documentation very dependent on which Galaxy version they are targeting. To address this, we have
moved a significant amount of administration documentation into Galaxy’s code
base and made it available on a per-release basis. The latest administration documentation for
the previous release of Galaxy (17.09) which reference galaxy.ini files and Paste servers can
be found here, while documentation for this release can be found here.